Identifier: https://artifacts.trustmarkinitiative.org/lib/tds/consent-and-choice---sensitive-information---opt-in-exceptions/1.0/
Name: Consent and Choice - Sensitive Information - Opt In Exceptions
Version: 1.0
Description: Defines privacy requirements related to organizations requiring opt in choice for certain types of processing of their sensitive information.
Publication date: 2018-04-10T00:00:00.000Z

Defining organization: Trustmark Initiative (https://trustmarkinitiative.org/)
Contact (PRIMARY): Trustmark Support, help@trustmarkinitiative.org, 555-555-5555, https://trustmarkinitiative.org/

Legal notice: This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Keywords: Privacy

Terms: Access; Adequacy; Administrative safeguards; Adopted Authentication Scheme (Adopted Scheme); Adoption; Approved Encryption Method; Assertion; Assertion Reference; Audit Criteria; Authentication; Authentication Protocol; Bearer Assertion; Biometric; Bona Fides; Certification (Certify); Choice; Claimant; Collect/Collection; Comparability; Confidentiality; Corrective measures; Credential Service Provider (CSP); Cross-certified; Cryptographic; Data commissioner; Data controller; Data processor; Data protection; Data protection authority; Data protection office; Data subject; Deceptive trade practices; Direct Assertion Model; Disclose/Disclosure; Dispute resolution; E-Authentication Credential; Entropy; EU Data Protection Directive (EU Directive); European Economic Area (EEA); European Union (EU); Federal Trade Commission (FTC); Full Legal Name; Health Information; Holder-of-key Assertion; Identity; Identity Proofing; Indirect Assertion Model; Individual; Individually Identifiable Health Information (IIHI); Individually Identifiable Information (III); Integrity; Issuance; Level of Assurance (LOA); Member state; Min-Entropy; Multi-factor Authentication; Multi-token Authentication; Network; Non-repudiation; Nonce; Notice; Open; Opt-in; Opt-out; Out of Band; Personal data; Personal Health Information (PHI); Personal Identifying Information (PII); Personal information; Persons and Entities; Physical safeguards; Possession and Control of a Token; Privacy; Privacy policy; Privacy seal program; Privacy statement; Processing of personal data; Proof of Possession Protocol; Pseudonym; Publicly available information; Registration; Registration Authority; Relying Party (RP); Safe Harbor; Salt; Security; Sensitive Information; Sensitive information controller; Sensitive Personal information (SPI); Shared Secret; SPO; Strong Man in the Middle Resistance; Strongly Bound Credentials; Subscriber; Technical safeguards; Threat; Token; Token Authenticator; Transborder flows of personal data; Transparent; Trust Criteria; Trust Framework; Trust Framework Provider (TFP); Use; Verifier; Weak Man in the Middle Resistance; Weakly Bound Credentials

Source: SAFE-HARBOR
U.S. EU Safe Harbor Framework, A Guide to Self-Certification, March 2009* (Updated March 2013)

Conformance criterion 1: C-1
The organization is permitted to not provide affirmative or explicit (opt in) choice for sensitive information (i.e. personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, criminal convictions, or information specifying the sex life of the individual) when processing is (1) in the vital interests of the data subject or another person; (2) necessary for the establishment of legal claims or defenses; (3) required to provide medical care or diagnosis; (4) carried out in the course of legitimate activities by a foundation, association or any other non-profit body with a political, philosophical, religious or trade-union aim and on condition that the processing relates solely to the members of the body or to the persons who have regular contact with it in connection with its purposes and that the data are not disclosed to a third party without the consent of the data subjects; (5) necessary to carry out the organization's obligations in the field of employment law; or (6) related to data that are manifestly made public by the individual.
Citation: Choice

Assessment step 1: Consent And Choice - Sensitive Information - Opt In Exceptions
Does the organization require affirmative or explicit (opt in) choice for sensitive information when processing is (1) in the vital interests of the data subject or another person; (2) necessary for the establishment of legal claims or defenses; (3) required to provide medical care or diagnosis; (4) carried out in the course of legitimate activities by a foundation, association or any other non-profit body with a political, philosophical, religious or trade-union aim and on condition that the processing relates solely to the members of the body or to the persons who have regular contact with it in connection with its purposes and that the data are not disclosed to a third party without the consent of the data subjects; (5) necessary to carry out the organization's obligations in the field of employment law; or (6) related to data that are manifestly made public by the individual?
A1

Parameter: InformationTypes (Information Types)
Kind: ENUM_MULTI
Values: PII, PHI, III, IIHI, Other
Required: true